Is there any way for a plugin to know what service or upstream ip addresses that will be tried in kong load balancing?
I think we can use Kong Admin API to get upstream targets (IPs)
curl 127.0.0.1:8001/upstreams/{name,id}/targets
Thanks for the answer @narate, but i think it’s not enough, since kong can also load balance based on DNS information.
What i’m trying to make is a plugin to restrict ip address that can be accessed from kong.
Can you clarify “tried in kong load balancing?”. Do you mean the IPs that it resolves to the upstream services? Or are you referring to Kong’s built in load-balancing functionality? (which I have limited experience with)
Yeah, the IP that it resolve to the upstream service. Be it from domain name defined in service object or an upstream object used in the service object. AFAIK, those IPS are the ones that will be used in kong load balancing.
Gotcha. In the PDK is a DNS resolver. I have used that to add logging around DNS lookups to help debug issues. (Object is here: https://github.com/Kong/kong/blob/master/kong/tools/dns.lua)
However, I am not aware of how to hook into the DNS lookup that nginx does on its own when a DNS lookup is needed.
For example, this will give you a table of resolved information for google.com. Be sure to consider TTL, as the IP address of your upstreams are likely to change over time.
local dnsHelper = require 'kong.tools.dns'
local resolver = dnsHelper(conf)
local resp, err = resolver.resolve("www.google.com", {}, false, nil)
1 Like
Great, thanks for the refference @michael.bowers. i think that could work to restrict the upstream IP.
But i’m still concerned that kong will use different IP for the upstream, since now the plugin will likely need to cache the dns resolution to not affect latency.
If only there is a hook the plugin could implement after kong load balancer pick an IP but before it send the request. Or something that will make sure the IPs that the plugin got will be equals to that used by kong